By Dennis DiGiacomo, VP Griffon Force, LLC

Let’s ask ourselves would we ever sign a blank check and leave it sitting around on your desk at work or hand over your car keys to a complete stranger asking to borrow your car to run an errand. Likewise, you know not to give anyone your personal bank account information.

Unfortunately, today’s tech-savvy scammers don’t even need to know your online login credentials to access your account. Yikes!…

When con artists perform account takeovers, they gain fraudulent access digitally to bank accounts. In other words, they can access your account to withdraw money, initiate transfers, apply for loans, and perform other account-related tasks — oftentimes without you knowing a thing. Not only are you unaware that a stranger is in your account, but it’s also likely that you don’t know how they gained access in the first place.

This might leave you feeling quite helpless. You’re no data security specialist, and you chose a bank that deploys superior security features like encryption and multi-factor authentication (more on these later) to protect your personal information.

So, what, if anything, can you do?

Pay Close Attention to Your Accounts, or Know What to Look For…

Just because scammers are digitally breaking into financial accounts doesn’t mean all of their actions are 100 percent invisible.

In some instances, you might not be aware someone is committing fraud against you. For example, criminals may gain access to your email in order to obtain your bank login credentials. (Do you use your email as your log-in ID? You should consider changing it to something else.) Or they might make repeated phone calls to your bank or other businesses, guessing answers to personal questions until they successfully authenticate as you.

Be on the Lookout:

Some con artists hack email accounts from reputable people that accept payments, like attorneys or real estate agents. Using their name and email address, they’ll send a message directing you to send money to a fraudulent account.

Scammers also impersonate banks and might contact you directly via phone, email or text. This correspondence — which can look and sound official — will ask you to verify personal information, including account numbers, user names, and passwords.

So, what’s the best line of defense against someone attempting an account takeover? The following checklist outlines preventative tips to help make your accounts more secure, plus measures to help increase your awareness of suspicious account activity, should you experience fraud and need to take action immediately.

How to Make Your Account as Secure as Possible

Reduce your vulnerability by upping your security protections. You may not be able to make your accounts completely hacker-proof, but you can certainly make them safer.

Create a unique password/passphrase

These days, the longer and more unique the better when it comes to passwords/passphrases. Come up with a password/passphrase like lyrics from your favorite song as an example.

Just because your password/passphrase is long doesn’t mean it has to be impossible to remember. Create one that’s easy for you to remember, but hard for someone else to guess. For example, “Ownerofalonelyheart1984”

Give your login credentials an extra boost

It isn’t enough to come up with one super secure password. You need to create a different one for each financial institution. And never have your email address act as your user ID. Come up with a unique login name as well.

Remembering all of these user names and passwords for your accounts can be difficult, be sure to write them down and place copies in secure locations.

Switch it up

We recommend changing passwords/passphrases on your birthday every year for accounts like banking and investments.

Inquire about additional muscle

Ensure the email provider and websites you use employ multi-factor authentication and enable it when possible. This added level of security makes it harder for hackers to access your account and requires you to enter two pieces of evidence (like a password, a special code that’s sent via text to your phone, or a PIN, for example) before being granted access. We recommend two-factor authentication sent via email instead of texting if possible.

Get notified

Consider notifications from your bank as V.I.P. (very important push notifications), so set up alerts notifying you about changes to your profile (user name, password, phone number, address, email address, etc.), failed login attempts and deposits and withdrawals of funds.

Confirm. And confirm again

You can’t be too careful when transferring money. Whether you’re sending funds via Automated Clearing House (ACH), wire or Zelle — all secure options — touch base with the recipient on the phone or in person so they’re expecting the money movement. It’s also wise to double check the account details before sending.

Don’t RSVP

Normally, when you receive a message asking for a response, the polite thing to do is send a reply. But that’s not the case when you receive a message that appears to be from your bank requesting information from you. An email like this could be a scam. Call your bank’s 800 number (you can find it on its website or on the back of your debit card) and only reply if you’ve personally verified its authenticity.

Check your Fingerprints & Face

If your smartphone or computer has biometric ID, you can use it. Touch ID and other biometric options aren’t an exact science, and can sometimes be easily bypassed. Use with caution and apply security updates when released.

Call attention to suspicious activity

Receive a shady message in your inbox? Are you unsure what to do… Contact your bank immediately. If you’re skeptical about an email that seems Don’t open any attachments or embedded links that may be included in the email.

Keep current

Remove old contact information (address, phone number, email address) from your account profile. Hackers could use your info to open fraudulent accounts elsewhere.

Make use of these tactics and your account will be more likely to remain secure and in your own hands, not in those of a scammer.